4.3
CVSSv2

CVE-2018-9849

Published: 10/05/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Pulse Secure Pulse Connect Secure 8.1.x prior to 8.1R14, 8.2.x prior to 8.2R11, and 8.3.x prior to 8.3R5 do not properly process nested XML entities, which allows remote malicious users to cause a denial of service (memory consumption and memory errors) via a crafted XML document.

Affected Products

Vendor Product Versions
PulsesecurePulse Connect Secure8.1, 8.1r1.0, 8.1r1.1, 8.1r2.0, 8.1r2.1, 8.2, 8.3